Related
DO NOT USE THIS ON THE GINGERBREAD RELEASES ! THE SAMSUNG GINGERBREAD RELEASES DO HAVE SIGNED BOOTLOADERS, BUT THEY ARE NOT LOCKED. In other words, you can still flash custom kernels and such, and the bootloader patch will only break things, not fix them.
To read the history of this problem, see the 2nd post of this thread (scroll down).
A number of new firmwares for the Samsung Galaxy Tab come with "signed / protected" bootloaders. These new bootloaders prevent you from flashing custom or otherwise unsigned kernels on the device. Trying to do so anyway will result in errors and usually requires you to reflash your ROM completely.
I hope everybody here has learned the lesson not to just flash anything that SamFirmware releases
The patch
After a great many hours of researching, testing and coding, myself (Chainfire) and Rotohammer have come up with a patch that works on most devices (currently all known GSM Tab variants), and flashes back unprotected JJ4 (T-Mobile ?) bootloaders, or the original P1000N bootloaders for the Latin models. The app only patches when it finds protected bootloaders, and you have to press a button for that, so the app can also be used to look at your current status.
The patch has been tested repeatedly and with success on (0 bricks so far):
- GT-P1000 Euro/International/Unbranded Galaxy Tab
- SGH-I987 AT&T Galaxy Tab
- SGH-I987 Rogers Galaxy Tab
- SGH-T849 T-Mobile Galaxy Tab
- GT-P1000L Latin Galaxy Tab (use LATIN version!)
- GT-P1000N Latin Galaxy Tab (use LATIN version!)
Additional thanks to: koush, neldar, richardtrip, AColwill, farahbolsey, deezid, wgery, tmaurice, rmanaudio, crisvillani, alterbridge86, ivannw, themartinohana, luisfer691 (in no particular order!)
Please note that even though there have not been any bricks so far, replacing bootloaders is a very dangerous operation that may BRICK your device, and you should think twice before using the patch. Using the patch is completely AT YOUR OWN RISK!
Instructions
Download the attached APK, install it on your device, and run it. It will show you a status screen, and if your device is compatible and you have protected bootloaders, the bottom entry "Patch bootloaders" will become available. Tapping it will start the patch procedure.
Note that the patch requires root !
Mini-FAQ
--- After the fix, my "zImage" still shows signed ! Is this a problem ?
No, this is perfectly fine! What matters is that "PBL", "SBL" and "SBL_Backup" are not signed. If "zImage" is signed, it means this ROM can be flashed onto a device that has signed bootloaders. UNsigned "zImage"s can NOT be flashed on signed bootloaders. This is the origin of the problem, because custom kernels are always UNsigned "zImage"s !
--- Can I now flash any ROM and just use this application to fix the bootloaders ?
Technically yes. But it would be stupid to do so. Flashing bootloaders (what this app does) is VERY dangerous, it is the only way to really brick a Tab. If you want to flash a new ROM, make sure it DOES NOT contain bootloaders. Remove them yourself, or wait for somebody else (like Rotohammer) to remove the bootloaders and post the "safe" ROM. Even though this patch is available, if at all possible, you should always try to avoid having to use it.
CDMA tabs
There is currently no support for CDMA Galaxy Tabs, nor do we know if support is needed at this time.
LINKING
You are expressly forbidden to repost the APK elsewhere. If you post about this, post a link to this thread, not to the download (or a repost of the download).
Download
Don't forget to donate and/or press the thanks button!
For non-XDA members who cannot access the attachment, here are multiupload links:
Euro / International / Unbranded / AT&T / Rogers / T-Mo: http://www.multiupload.com/EMOCU1S0V2
Latin (P1000L and P1000N): http://www.multiupload.com/3TJ3YWMWJR
MAKE SURE TO SELECT THE RIGHT DOWNLOAD!
WARNING! Do not flash JM6/9/A/C/D/E/F... Before reading this !
THIS POST, #2 OF THIS THREAD, IS HISTORICAL AND LEFT HERE "FOR THE RECORD". SEE THE FIRST POST FOR WHAT IS CURRENT!
BREAKING NEWS / JAN 15: A fix has been found ! See this post. Also see the bounty thread: http://forum.xda-developers.com/showthread.php?t=906464.
This really applies to other ROMs as well, but the "new" JM6/9/A/C/D/E/F ROMs specifically.
Some of these ROMs include new bootloaders. These bootloaders check checksums/signatures in various parts of the firmwares. The "normal" Samsung ROMs, nor custom ROMs and kernels, have these checksums.
The result is that once flashed, you cannot revert to older/official/custom Samsung ROMs, and you are pretty much stuck using one of these four ROMs, as they are the only ones containing the right checksums.
At least TRIPLE CHECK if you want to flash one of these ROMs, that what you are flashing DOES NOT include the new bootloaders ( boot.bin and sbl.bin ). I know from the CF-Root thread that a fair number of you are already too late, but I thought to warn new users anyways. Some modders (like rotohammer) already usually remove these parts, but still triple check everything to make sure.
There is no known fix. I know, I've tried all of them some people suggested in other threads. None of them really works. Sure, with some effort, you can get a different firmware to somewhat run, but you'll still be using the "checksum" bootloaders and the kernel will not be modified. You will still be running the kernel from the "checksum" firmware you loaded earlier. You will not be able to do full flashes, nor will KIES updates work.
Hopefully somebody will find a real solution for this issue for those already affected. If so, please post it in this thread.
Are you affected ?
NEW DEC 28: See SGTBootloaderCheck script below!
It is hard to say for sure without actually trying to flash a non-JM6/A/C/D kernel without the correct checksum. Here's a screenshot of the error you'll get:
If you still have the original files for the ROM you flashed, but do not want to try flashing a non-Samsung-stock kernel, there are some indicators:
- Rename all .tar.md5 files to .tar
- Extract all the .tar files with WinRAR
- Look at the resulting files:
--- Includes "boot.bin" (primary bootloader)
--- Includes "sbl.bin" (secondary bootloader)
If one or both are present, this indicates new bootloaders are being flashed. That does not make it certain if they are "protected" or not, though. But if a large zImage is also present (see the next item), it is very likely they are.
- Look at the resulting files:
--- "zImage" (kernel)
If zImage is about 7800 kb (as opposed to 4000 - 5500 kb that is normal), it is very likely this kernel includes a checksum. If you want to be 100% sure, open zImage in a hex editor, and go all the way to the end. There will be a few mb of 0's, followed by 128 bytes checksum - the very last 128 bytes in the file.
Such a zImage can be flashed both on "original" and the new "protected" bootloaders. The "protected" bootloaders can only flash these zImage, not the smaller variants.
If you have boot.bin, sbl.bin and a 7800 kb zImage, it is 99% likely flashing this ROM will give you a "protected" bootloader.
Some tech
Once these ROMs are flashed, it is required updates to "boot", "sbl", "zImage" have a 128-byte checksum/signature. In boot.bin and sbl.bin these are near the end, in zImage (7800 kb files) they are the very last 128 bytes. Only firmwares with a zImage that have this signature will be flashable (which at the time of this writing are only JM6/A/C/D).
I have no idea how this signature is generated as of yet, so "faking it" is also not an option. If somebody figures that out, please post it in this thread. Then we could just insert the signatures in the older bootloaders and flash them back (still a dangerous effort by itself).
I think, and possible others will correct me on this, the verification goes as follows, on a running device:
- PBL ( boot.bin ) checks SBL ( sbl.bin ) signature
- SBL checks kernel ( zImage ) signature
While flashing, I think it's the SBL that verifies the PBL/SBL/kernel flash, and refuses to write if the signature isn't correct.
Possible solutions
Flashing back "unprotected" bootloaders from older ROMs through either Odin or Heimdall does not work. These older bootloaders do not have the required signatures/checksums and thus the flash will fail.
A possible solution would be rooting the device, using Koush' bmlunlock, and dd'ing back bml1 and bml4 from backups, complete bypassing the flash checks. This is a very very dangerous to be trying out though, and unless you really know what you are doing, I wouldn't attempt it. Maybe someone has Samsung repair center contacts or a JTAG unit close by ?
Personal note
I have tried to flash back older bootloaders and kernels several times and in several ways (from for example JJ4) but this fails. Odin said it succeeded the very last time I tried, however it really didn't, as my device is now a full (user-wise) brick. It doesn't even turn on to show me the "phone --- | --- pc" error screen. So I guess I need to make a trip to the nearest Samsung repair center (200 miles away). Too bad my car also broke down today Guess it'll be some time (and money) before I have a working Tab again. Note that the brick was a problem with Odin, probably, not directly caused by the protected bootloaders themselves.
Update: Tab is back and working Replaced mobo, so I no longer have the signed bootloaders myself.
NEW DEC. 28: SGTBootloaderCheck
Attached is also SGTBootloaderCheck. This is a script run on your Windows PC through ADB to check your bootloaders. It requires root, SuperUser, and a working ADB connection.
Just unzip the archive to a new folder, and double-click "check.bat". That should dump your bootloaders and kernel, copy them to your computer, check the content for signatures, and let you know the result.
I can't guarantee it works, but it should
Attached
An archive with some relevant files for those who want to do some research. DON'T FLASH THESE FILES !!!
( 467, 909 )
I'm sorry about your Tab man.
After flashing JM6, I have "zImage" and "Sbl.bin" but no "boot.bin" in my internal SD. Am I affected?
Also, is it safe to delete these files from my internal SD? I'm guessing they were put there temporarily and are now stored somewhere else already?
hey chainfire,
i'm sorry about the brick :/
my english seems to be very bad... could u explain me why ur tab is bricked now?
i think i understood why its not possible to flash to another firmware but why ur tab is bricked now? yesterday i flashed to jm6 from an old arabic fw (i think it was JJ1) with pit p1 and code, modem and csc file with re-part. on. so is anything there i have to look out now?
codewisp said:
After flashing JM6, I have "zImage" and "Sbl.bin" but no "boot.bin" in my internal SD. Am I affected?
Also, is it safe to delete these files from my internal SD? I'm guessing they were put there temporarily and are now stored somewhere else already?
Click to expand...
Click to collapse
You could be affected, I can't say for sure. The only way to be sure is trying to flash a custom kernel and see if Odin gives an error. See the CF-Root thread for screenshots of the error that is produced if you are affected. If there's no error and it boots, you have probably not been affected. Note that you can flash back the original JM6 kernel with both the "protected" as well as the "original" bootloaders.
I'll update the first post to add a bit more information.
Also yes, those files on your internal SD are temporary, you can delete them.
DubZyy said:
hey chainfire,
i'm sorry about the brick :/
my english seems to be very bad... could u explain me why ur tab is bricked now?
i think i understood why its not possible to flash to another firmware but why ur tab is bricked now? yesterday i flashed to jm6 from an old arabic fw (i think it was JJ1) with pit p1 and code, modem and csc file with re-part. on. so is anything there i have to look out now?
Click to expand...
Click to collapse
The brick is a result of a bad bootloader flash... it's not something any of you are likely to encounter (unless you are trying to fix this issue).
If you successfully flashed to JJ1 - Odin did not produce any errors - you are probably safe!
Thanks for the information, but a little bit late for me --> bricked
My luck: Next samsung repair center is 5 kilometers away.
But I don't know what i should tell him.
The truth?
@chainfire
Have your tried hexediting the version of the SBL to a "fake" newer version? or does the check only care about the checksum ? on older phone we used to be able to do this....
I'm unpacking my dev. tab as we speak so I hope to have some time to play between x-mas dinners
chinchen said:
Thanks for the information, but a little bit late for me --> bricked
My luck: Next samsung repair center is 5 kilometers away.
But I don't know what i should tell him.
The truth?
Click to expand...
Click to collapse
Damned lucky the repair center is close!
You wouldn't happen to be living near me and I just never heard of this service center, would ya ?
How exactly is it a brick ? It's only a brick if it doesn't turn on at all anymore (like mine). If you can get anything on screen, you can bring it back to life (although maybe with protected bootloaders).
Jesterz said:
@chainfire
Have your tried hexediting the version of the SBL to a "fake" newer version? or does the check only care about the checksum ? on older phone we used to be able to do this....
I'm unpacking my dev. tab as we speak so I hope to have some time to play between x-mas dinners
Click to expand...
Click to collapse
As far as I have been able to deduce (I have not done a full decompile yet, and not sure if I'm going to) it's only the checksum that matters. But I could be wrong there.
I'll upload some files for you in a minute, so you can look at them yourself as well.
chinchen said:
Thanks for the information, but a little bit late for me --> bricked
My luck: Next samsung repair center is 5 kilometers away.
But I don't know what i should tell him.
The truth?
Click to expand...
Click to collapse
Anything besides truth - tell them that you turn off Tab at evevning, and at the morning he doesnt start... they believe
Chainfire - my condolence... i also cannot flash CF-Root on JMC so i think i have new bootloader - im waiting for next steps when yours Galaxy Tab alive
sorry for my english
@Jesterz:
Some files you might want to look at attached to first post.
Is there any way to check what version of bootloader i have installed? I cannot install CF-Root on JMC -its enough to say i upgrade bootloader in my Tab?
faust86 said:
Is tehere any way to check what version of bootloader i have installed? I cannot install CF-Root on JMC -its enough to say i upgrade bootloader in my Tab?
Click to expand...
Click to collapse
If you get the same error as in the screenshot linked to in the first post, yes, you have the protected bootloaders.
good to know i am not effected. and for people who has effected roms i think as we know the reason there will be a quick solution for this.
Chainfire said:
If you get the same error as in the screenshot linked to in the first post, yes, you have the protected bootloaders.
Click to expand...
Click to collapse
So i install this *** bootloader... maybe i brick my Tab and take it to service point... i have 100 meters :>
Me too
Chainfire said:
If you get the same error as in the screenshot linked to in the first post, yes, you have the protected bootloaders.
Click to expand...
Click to collapse
I have the error and I cant change ROM (a part from switching between JM6, JMA and JMC)... Hope someone soon find a fix!
My tab some ago was in a similar state (complete black and didnt show in ODIN).
My luck was that it was stuck in some kind of download mode. Leaving it connected to the computer has made a miracle: after more than 15 minutes it has appeared as connected in ODIN and was possible to flash back a ROM).
patomas said:
I have the error and I cant change ROM (a part from switching between JM6, JMA and JMC)... Hope someone soon find a fix!
My tab some ago was in a similar state (complete black and didnt show in ODIN).
My luck was that it was stuck in some kind of download mode. Leaving it connected to the computer has made a miracle: after more than 15 minutes it has appeared as connected in ODIN and was possible to flash back a ROM).
Click to expand...
Click to collapse
I'll just try that. I have no hope of it working, but hey, it's not like I'm using the Tab for anything else right now
patomas said:
My tab some ago was in a similar state (complete black and didnt show in ODIN).
My luck was that it was stuck in some kind of download mode. Leaving it connected to the computer has made a miracle: after more than 15 minutes it has appeared as connected in ODIN and was possible to flash back a ROM).
Click to expand...
Click to collapse
While the Tab was at a black screen, did you ever press the power button or did you just leave it alone for Odin to eventually find it?
rotohammer said:
While the Tab was at a black screen, did you ever press the power button or did you just leave it alone for Odin to eventually find it?
Click to expand...
Click to collapse
While you're here... any chance of both STL and BML dumps of your (hopefully proper) PBL and SBL ?
Chainfire said:
While you're here... any chance of both STL and BML dumps of your (hopefully proper) PBL and SBL ?
Click to expand...
Click to collapse
Of course. I have dumps of everything. I'm just about to run some diffs to make sure my current bootloaders are ok, I can't remember what Ive flashed
I am certain my G4 is TWN, from the box and the software version. But what are the actual differences to the European H815? Specifically, can I flash European KDZs or use the EU command for flashing a rooted /system image?
Code:
dd if=/data/media/0/system.rooted.H81510c-EU.img bs=8192 seek=55296 count=529920 of=/dev/block/mmcblk0
Thanks
I have a the TWN version too damn it. - that's what happens when you buy from a global vendor over the internet .
Good news is that you can flash the EU rooted system image. I did and it worked fine.
Bad news is that you can't unlock the boot loader (yet), which means no TWRP or custom roms and flashing a stock Marshmallow leaves you without root and no way to downgrade.
Cheers
BTW I don't know of any differences between the EU and TWN devices other than the version coding - to me it just seems to be a way for LG to control their different markets.
Thank you for this. I do not want to unlock it just yet, since I bought it from a local vendor and I have a 2 year warranty with them. I see there is already a rooted image for v10d TWN, so I will flash that soon (are you sure the parameters for the dd command are the same?).
Sidenote, it would be nice if we could compile our own KDZs and make rooted ones.
metalboy94 said:
Thank you for this. I do not want to unlock it just yet, since I bought it from a local vendor and I have a 2 year warranty with them. I see there is already a rooted image for v10d TWN, so I will flash that soon (are you sure the parameters for the dd command are the same?).
Sidenote, it would be nice if we could compile our own KDZs and make rooted ones.
Click to expand...
Click to collapse
I can't really comment on the all the parameters in that command string except to say that it's one I used and it worked well. Whether those numbers would need to be modified for the 10D image or not I can't say - I would suggest you ask the author of that original rooting thread.
BTW you can't unlock the bootloader on the TWN version just now in any case. I tried the official method over the weekend and was told the TWN version was not supported. There's unofficial unlock method available for any G4 variant yet either but people are working on it.
wadken1 said:
I can't really comment on the all the parameters in that command string except to say that it's one I used and it worked well. Whether those numbers would need to be modified for the 10D image or not I can't say - I would suggest you ask the author of that original rooting thread.
BTW you can't unlock the bootloader on the TWN version just now in any case. I tried the official method over the weekend and was told the TWN version was not supported. There's unofficial unlock method available for any G4 variant yet either but people are working on it.
Click to expand...
Click to collapse
Probably the parameters aren't different between firmware images, because they depend on the partition table of the device.
Now waiting for a version of Xposed that is confirmed not to drain battery. Thanks again!
I'm running xposed now with about 10 modules. I don't see any great battery drain.
wadken1 said:
I have a the TWN version too damn it. - that's what happens when you buy from a global vendor over the internet .
Good news is that you can flash the EU rooted system image. I did and it worked fine.
Bad news is that you can't unlock the boot loader (yet), which means no TWRP or custom roms and flashing a stock Marshmallow leaves you without root and no way to downgrade.
Cheers
BTW I don't know of any differences between the EU and TWN devices other than the version coding - to me it just seems to be a way for LG to control their different markets.
Click to expand...
Click to collapse
Hang on, I can flash MM into my TWN? I missed that, how does that work? Is there a thread?
wadken1 said:
I have a the TWN version too damn it. - that's what happens when you buy from a global vendor over the internet .
Good news is that you can flash the EU rooted system image. I did and it worked fine.
Bad news is that you can't unlock the boot loader (yet), which means no TWRP or custom roms and flashing a stock Marshmallow leaves you without root and no way to downgrade.
Cheers
BTW I don't know of any differences between the EU and TWN devices other than the version coding - to me it just seems to be a way for LG to control their different markets.
Click to expand...
Click to collapse
I did the same thing, buying online and getting stuck with TWN. I came from a GS6 and was thinking "I'll wack an AOSP ROM on the G4 and I'll have the perfect phone". Now I'll probably never buy another LG even though I actually like the G4 but when we pay close to $1k for a phone we should be able to do what we like with it!
There is a thread for stock marshmallow which you can install with flash fire but there's no root available with that option just now.
wadken1 said:
There is a thread for stock marshmallow which you can install with flash fire but there's no root available with that option just now.
Click to expand...
Click to collapse
I've tried to find the correct thread but could you point me in the right direction?
Thanks
gz5ztg said:
I've tried to find the correct thread but could you point me in the right direction?
Thanks
Click to expand...
Click to collapse
Sorry. Missed this while I was away.
The thread I'm talking about is http://forum.xda-developers.com/g4/development/stock-h815-20a-stock-rom-t3233049
BUT be warned you will lose root !!. So far as I know just now there is no way to get root on stock MM without an unlocked bootloader. This may have changed inthe last couple of days - you'll need to read around the forum.
ALSO there is no sure way back to L is you decide you can't live without root (I certainly couldn't so I'm waiting for further developments). I think I read that someone here more-or-less accidentally managed to recover back to L but I didn't really have time to take in all the details so futher reading needed if you want to take the risk.
wadken1 said:
Sorry. Missed this while I was away.
The thread I'm talking about is http://forum.xda-developers.com/g4/development/stock-h815-20a-stock-rom-t3233049
BUT be warned you will lose root !!. So far as I know just now there is no way to get root on stock MM without an unlocked bootloader. This may have changed inthe last couple of days - you'll need to read around the forum.
ALSO there is no sure way back to L is you decide you can't live without root (I certainly couldn't so I'm waiting for further developments). I think I read that someone here more-or-less accidentally managed to recover back to L but I didn't really have time to take in all the details so futher reading needed if you want to take the risk.
Click to expand...
Click to collapse
Okay thanks, maybe I will wait. This is going to sound like a completely noob type question but what is it that you are doing that you couldn't live without that requires root?
gz5ztg said:
Okay thanks, maybe I will wait. This is going to sound like a completely noob type question but what is it that you are doing that you couldn't live without that requires root?
Click to expand...
Click to collapse
Here's a few of the things I use which need root:
TI Backup
LMT Launcher
Bubble UpnP
FX Explorer (with root)
Gravity Box (xposed) to give expanded desktop
Llama + Secure settings (allows for automated control of airplane mode, gps and others which have been denied by google for default seetings)
Buidprop editor - allows altering a number of settings but especially DPI
Greenify advanced functions
Amplify
Better Battery Stats
Flashfire
Busybox
Viper4Android
SE Linux Mode Changer (needed to allow Viper to work)
Hi,
Everybody is looking for official stock roms for Moto G4/G4 Plus *AWAY* from Motorola support, which looked to me like kind of weird but I now know why: people are looking for stock roms that will allow them over the air upgrades. If you have a developer edition or a moto with unlocked bootloader, Moto's own roms are flashable and *COMPLETELY WORKING*
motorola-global-portal.custhelp.com/app/standalone/bootloader/recovery-images
Go to above URL, quick login using G+, follow instructions to get to the download list. The listed download for XT1625 will also work just fine for XT1642.
Or, you can just use this direct link: motorola-global-portal.custhelp.com/cc/ajaxCustom/getBootFile/fileName/ib65qpz53y
may also require login.
******** VERY IMPORTANT ************
Everybody lists fastboot utility commands with which you restore a Moto stock rom. They do not tell these severe warnings:
- Never flash a gpt.bin file unless you really absolutely ultimately intentionally and knowingly NEED TO. Why? in 99.9% of the cases it is useless to your phone and your needs and all it will do is deprive you the ability to downgrade to an earlier version or flash an older boot file, system file, ...etc. You get the picture. BTW, gpt.bin is only a partition image containing Moto's partition table scheme, with versioning for downgrade prevention. Keep away from it. It is pure EVIL.
IF YOU SEE gpt.bin FILE, DELETE IT WITHOUT HESITATION.
- Our second vanity: bootloader.img or bootloader.bin or anything that spells BOOTLOADER. EVIL. DELETE IT. It will 99.9% only mess up your cellular capability and render your phone without voice calls, with out SMS and without 2G/3G/4G; no data whatsoever. It will convert your phone into a 5.5 inch SIM-less tablet. It will KILL YOUR SIM SLOTS.
Instruction are on the first link, but anyway, here we go:
To flash, put the phone in fastboot mode:
1. Power OFF your device
2. Then Power ON + Volume Down Alternatively, you can reboot into fastboot mode if you have adb...
adb reboot bootloader.
Next flash the images using fastboot:
Code:
"DELETED COMMAND HERE WAS SUPPOSED TO FLASH THE GPT.BIN. NEVER DO IT"
"DELETED COMMAND HERE WAS SUPPOSED TO FLASH THE BOOTLOADER. NEVER DO IT"
fastboot flash logo logo.bin
fastboot flash boot boot.img
fastboot flash recovery recovery.img
fastboot flash system system.img
fastboot flash modem NON-HLOS.bin
fastboot erase modemst1
fastboot erase modemst2
fastboot flash fsg fsg.mbn
fastboot erase userdata
fastboot erase cache
fastboot reboot
enjoy
****removed****
MK+2017 said:
****removed****
Click to expand...
Click to collapse
I would like back to MM from Nougat on XT1642. This firmware comes from a trusted source, but have you tried this firmware, no problems after flashing? Do I have to have an unlocked bootloader ?
kkamelot said:
I would like back to MM from Nougat on XT1642. This firmware comes from a trusted source, but have you tried this firmware, no problems after flashing? Do I have to have an unlocked bootloader ?
Click to expand...
Click to collapse
if you have not unlocked boot-loader you are covered by warranty and I advise you keep it that way. Motorola is a BI***.
if you really can't live without older stock, go to moto service and ask them to do it for you. should not cost you much, if any.
if what you hate is stock firmware, you can unlock bootloader, get warranty off, and flash LinageOS. Stable enough although still in nightly builds (successor of CyanogenMod)
hope that helps.
PS1: what you would fear the most is lose your SIM slot, happens a lot. Be safe!
PS2: asking if I tried it yes, I did. it worked. but I was on 6.0.1 at the time. do not take risk.
PS3: Motorola is a *****. DON'T MESS WITH IT.
MK+2017 said:
if you have not unlocked boot-loader you are covered by warranty and I advise you keep it that way. Motorola is a BI***.
if you really can't live without older stock, go to moto service and ask them to do it for you. should not cost you much, if any.
if what you hate is stock firmware, you can unlock bootloader, get warranty off, and flash LinageOS. Stable enough although still in nightly builds (successor of CyanogenMod)
hope that helps.
PS1: what you would fear the most is lose your SIM slot, happens a lot. Be safe!
PS2: asking if I tried it yes, I did. it worked. but I was on 6.0.1 at the time. do not take risk.
PS3: Motorola is a *****. DON'T MESS WITH IT.
Click to expand...
Click to collapse
Thank you for your answer !
I have one more question, is there way (like in nexus) to back to original software (Nougat can be) after changing OS or make a modifications?
kkamelot said:
Thank you for your answer !
I have one more question, is there way (like in nexus) to back to original software (Nougat can be) after changing OS or make a modifications?
Click to expand...
Click to collapse
There is, but if you are not good with command line, think twice. Check here: https://forum.xda-developers.com/moto-g4-plus/help/complete-partition-backup-script-xt1644-t3608408
you would typically use that alongside full TWRP backup.
I can assure you nothing will go wrong if you jump straight to LineageOS, it might only go wrong if you take the bad decision of going back to stock. The dd images would give you solid backup, though.
In case you lose your sim slot, you can use help from here: https://forum.xda-developers.com/showpost.php?p=72343095&postcount=101
I intuitively contributed to that solution Giving is taking!
Thank you @m.sawastik and @givitago
MK+2017 said:
There is, but if you are not good with command line, think twice. Check here: https://forum.xda-developers.com/moto-g4-plus/help/complete-partition-backup-script-xt1644-t3608408
you would typically use that alongside full TWRP backup.
I can assure you nothing will go wrong if you jump straight to LineageOS, it might only go wrong if you take the bad decision of going back to stock. The dd images would give you solid backup, though.
In case you lose your sim slot, you can use help from here: https://forum.xda-developers.com/showpost.php?p=72343095&postcount=101
I intuitively contributed to that solution 😊Giving is taking!
Thank you @m.sawastik and @givitago
Click to expand...
Click to collapse
I would also be happy to assist you if you want to jump to LineageOS. I won't assist you with dd backup, just because you need to take that responsibility on your own
My XT1625 is already on Lineage OS Andriod N. However, I feel like the cellular reception and thus battery life has been worse versus stock.
I wanted to flash only the latest baseband from the latest stock Andriod N but your Moto link only has 6.0.1 for XT1625.
What gives- I thought Motorola already updated the G4 to 7.0?
Will OTAs work with this?
Will OTAs work with these?
If I just want to upgrade my modem/baseband and then go back to LOS, do I just need to type "fastboot flash modem NON-HLOS.bin" or do I need to make a full install?
it works for moto g4 t1625 amazon version?? compilation number npj25.93-14.5 ?????? i answer this because in the web site motorola its appear the moto g4 rom xt1625 build MPJ24.139-64
Works!
I just want to say that I had a Moto G4 Plus (XT1642) that had no SIM recognition, no IMEI, no Wifi, and thanks to the instructions at the top of this thread, I now have it all.
I spent the whole day trying all sorts of things. Now it finally works!
Thanks!
How do I flash?
Hi friend, sorry but my English is not good.
My phone will receive nougat via OTA?
Something has broken my sound notifications
When I try this procedure I get a lot of these errors against some of the commands
(bootloader) Image aboot failed validation
(bootloader) Preflash validation failed
(bootloader) will fail: flash:aboot
FAILED (remote failure)
And now sounds that accompany any notifications from any applications fail to make any sound. Vibrate does initiate.
I am trying to find a way to enable hotspot on my ATT Moto G4 plus, if I flash this rom can anyone confirm it will unlock this feature? Torn between flashing or just going in to kernel and make change for this feature, any advice appreciated..
how to restore the sim slot after flash( i have no service)
i had frp, and after remove it with 3rd party tool i flash new rom.
now i have no service(but it detect the sim), there is any way to restore the sim slot?
i flashed the original rom from motorola site and it didnt help.
i flash the lineage OS and it didnt helped.
thanks
ggc201 said:
there is any way to restore the sim slot?
Click to expand...
Click to collapse
I've been searching for a fix for a few months now, whenever I get free time. Most threads about the subject die and aren't revisited. Someone will inevitably come to this page on a Google search wondering like us. I haven't found anything that will help and so I'm calling it quits. This phone is so outdated it would be better suited to find a deal somewhere else.
Thanks... can't find the button.
I have the xt1625 amz channel version and the: XT1625-XT1644_ATHENE-RETUS_6.0.1_MPJ24.139-48_cid50_subsidy-DEFAULT_CFC.xml.zip > provided enhanced LTE whereas the official OS did not support. I can actually do sh** on my phone without hanging up.
I want you and yours to be blessed forever and great post.
Bootloader is unlocked but somehow it is stuck between root and no root. Will figure it out....
Again... thanks... this is a big deal for me. :good:
non-developer edition?
If you have a developer edition or a moto with unlocked bootloader, Moto's own roms are flashable and *COMPLETELY WORKING*
Click to expand...
Click to collapse
Can anyone attest to having successfully flashed an unlocked non-developer edition G4 with this ROM? Motorola clearly warns against doing this:
IMPORTANT! Do not use these images/packages on non-developer edition devices or on devices with a locked bootloader.
Click to expand...
Click to collapse
(sorry, I'm a new member so I'm not allowed to include a link)
Hello,
can somebody upload exactly this FW for this phone?
For 2 SIM cards? Yes
Software channel: reteu
Baseband version: M8937_11.16.02.51R CEDRIC_EMEADSDS_CUST
Kernel: original (stock): 3.18.31....
Android security level: 1 August 2017
Android version: 7.0
Build number: NPPS25.137-72-4
I can't find this ROM anywhere, but reallly need it. Thx in advance.
Mcandrew2809 said:
Hello,
can somebody upload exactly this FW for this phone?
For 2 SIM cards? Yes
Software channel: reteu
Baseband version: M8937_11.16.02.51R CEDRIC_EMEADSDS_CUST
Kernel: original (stock): 3.18.31....
Android security level: 1 August 2017
Android version: 7.0
Build number: NPPS25.137-72-4
I can't find this ROM anywhere, but reallly need it. Thx in advance.
Click to expand...
Click to collapse
I managed to break my XT1676 also, couldn't find the NPPS25.137-15-11 image either.
I ended up flashing NPP25.137-33 using RSDLite but modifying the flashing script to not flash the partition layout or the bootloader as they are older versions and got it back up and running. If you had that image on the phone previously and you have an unlocked bootloader you can do the same.
Let me know if you need more instructions.
Cheers.
Thank you for replying, raiamino.
I'd like to ask if is there any other option especially for phones with locked bootloader? I'd like to reflash my phone because it became unbelievably slow and laggy after some time. Factory reset didn't help much.
I flashed a lot of phones in the past (for example Sony Ericsson Xperia X8, Lenovo S60...) but this phone really surprises me about flashing. I found a lot of custom ROMs here on xda and I was thinking about flashing some also, but I'm a little bit scared of it - I don't know, which one is compatible and which isn't (nowhere is written if is custom ROM built for 2/16, 3/16, SingleSIM, DualSIM... variant). I need Moto Gestures feature (really useful thing for me) also, but don't know, if any custom ROM supports it. Do you know about any which will not cause brick (or hard brick) if I will flash it? Thx in advance.
Btw, sorry for bad English, but it's not my native language. Greetings from little big country - Slovakia.
Mcandrew2809 said:
Thank you for replying, raiamino.
I'd like to ask if is there any other option especially for phones with locked bootloader? I'd like to reflash my phone because it became unbelievably slow and laggy after some time. Factory reset didn't help much.
I flashed a lot of phones in the past (for example Sony Ericsson Xperia X8, Lenovo S60...) but this phone really surprises me about flashing. I found a lot of custom ROMs here on xda and I was thinking about flashing some also, but I'm a little bit scared of it - I don't know, which one is compatible and which isn't (nowhere is written if is custom ROM built for 2/16, 3/16, SingleSIM, DualSIM... variant). I need Moto Gestures feature (really useful thing for me) also, but don't know, if any custom ROM supports it. Do you know about any which will not cause brick (or hard brick) if I will flash it? Thx in advance.
Btw, sorry for bad English, but it's not my native language. Greetings from little big country - Slovakia.
Click to expand...
Click to collapse
you can do the following - warning it will erase everything on internal storage including photos music downloads documents etc - backup to sd card or laptop first if you want to keep these things
put phone into fastboot mode and connect to laptop
In a terminal/command prompt window assuming you have fastboot installed type the following
Code:
fastboot erase userdata
When you restart your phone it will be like the first time you switched it on (albeit with upgraded firmware version)
LineageOS supports moto gestures - For me they all work except shake to open camera app but you can set it to open with a double press of the power button
Flashing a custom rom designed for your phone will not hard brick it as it will never touch the bootloader so you will always be able to enter fastboot mode
Of course you can soft brick which means it either bootloops or you cant access recovery if you don't follow the correct process but you can solve that just by repeating the process correctly
All right, I will give it a try at evening (not enough time right now). So If I will do the fastboot command...
Code:
fastboot erase userdata
...what will happen? Is it the same procedure as factory reset + wipe cache?
Mcandrew2809 said:
All right, I will give it a try at evening (not enough time right now). So If I will do the fastboot command...
Code:
fastboot erase userdata
...what will happen? Is it the same procedure as factory reset + wipe cache?
Click to expand...
Click to collapse
yes but it also wipes everything on internal storage data partition
A reset + wipe cache will format data but not user data (things that are stored on internal storage such as pictures music documents downloads)
It does not format system or anything else
Thank you, it helped a lot! :highfive:
EDIT: what's difference between erase and format in fastboot? Would something bad happen if i do format command instead of erase?
Mcandrew2809 said:
Thank you, it helped a lot! :highfive:
EDIT: what's difference between erase and format in fastboot? Would something bad happen if i do format command instead of erase?
Click to expand...
Click to collapse
Iv no idea - it will either give an error unknown command or do something
erase userdata is the correct use
Hello,
I have the same phone and like to download the stock rom first before flashing a custom one (RR e.g.). I can't find anywhere a download for this version's custom rom yet. Is there any way to save the stock rom out of the still unmodified phone?
Thanks for your help!
Bro.. check this.. npps is for xt 1676 ( Europe, Turkey ) and npp is for xt 1677 ( India) . Both are dual sim 3gb version phones.. just may be customization difference. Hopefully all modem bands may work.
Npps or xt 1676 unfortunately dont have version above 25.137-15 ( which is an older firmware from what u have ) , so never flash it.
But npp have higher version 72/76/82.
Just in case u are not confident enough avoid gpt, and bootloader flashing.
Btw.. if you have messed up ur bootloader ( cant boot into fastboot) .. i think give these files a try.. btw.. you have nothing to loose since u have messed up pretty bad with bootloader.
This is the only last try till Oreo upadate ( if moto ever release it for g5)
Btw.. if u get successful.. please share.
https://www.clangsm.com/forum/index.php?showtopic=482933
---------- Post added at 02:34 PM ---------- Previous post was at 02:16 PM ----------
And if u are worried about modem ( which may cause wifi /signal issue) avoid flashing modem or try flashing old modem from npps25.137-15 ( the file is available in same directory) you can use the modem file only for flashing )
I mean.. first flash the complete npp25.137-76 ( i choose that file because its non branded ) .. after successful boot, check wifi and sim.
If everything is ok.. use the same..
If you have problems with wifi or sim..
Use modem file from npps 25.137-15 and flash modem partion only.
Or completely avoid all trial and error methods. And just flash npp25-137-76 with out flashing modem , bootloader, gpt, - its just like flashing a new kernel and system.. everything except system and kernel will remanin the same.
The method works only if u have a working bootloader. If its not there.. there is no way to trial and error things.. till u courageously flash the bootloader and gpt from npp version..
Hope you will get something.
---------- Post added at 02:51 PM ---------- Previous post was at 02:34 PM ----------
Currently.. my xt1676 is working with August security update ( npps - 25.137-72-4 ) rooted, unlocked.. i am trying hard to mess it up.. unfortunately twrp backup helps me to unbrick few times!! But soon or later i will manage to mess it up!!!???
Only then i will give these files a try... ( Or atlest till pixel 2 comes to retailer near by) . For now this is my backup phone after selling s7 edge.
This is just 2 weeks old.. and i manage to mess its os 5-6 times till now.. so i think i will be joining your club soon
Just the same phone as yours..2 weeks old.. but its alive till now.
showlyshah said:
Just the same phone as yours..2 weeks old.. but its alive till now.
Click to expand...
Click to collapse
Hi. Sorry for bumping an old thread but I thought it was better then to make a new one.
I bought this phone a few days ago and it had NPPS25.137-72-4 when delivered. Been trying to read up a bit on this device but since I'm used to samsung, it all takes a while to figure things out
Got it unlocked/rooted fine, but I want to make sure I have something to fall back on in case of trouble.
I've been searching for this fw without any luck. Any chance some one got it and can share it?
NPPS25.137-72-4
Or if anyone can suggest a different one that could work. ( I don't really understand the fw names yet)
Thanks in advance.
tys0n said:
Hi. Sorry for bumping an old thread but I thought it was better then to make a new one.
I bought this phone a few days ago and it had NPPS25.137-72-4 when delivered. Been trying to read up a bit on this device but since I'm used to samsung, it all takes a while to figure things out
Got it unlocked/rooted fine, but I want to make sure I have something to fall back on in case of trouble.
I've been searching for this fw without any luck. Any chance some one got it and can share it?
NPPS25.137-72-4
Or if anyone can suggest a different one that could work. ( I don't really understand the fw names yet)
Thanks in advance.
Click to expand...
Click to collapse
Take a twrp backup .. a clean one..
tys0n said:
Hi. Sorry for bumping an old thread but I thought it was better then to make a new one.
I bought this phone a few days ago and it had NPPS25.137-72-4 when delivered. Been trying to read up a bit on this device but since I'm used to samsung, it all takes a while to figure things out
Got it unlocked/rooted fine, but I want to make sure I have something to fall back on in case of trouble.
I've been searching for this fw without any luck. Any chance some one got it and can share it?
NPPS25.137-72-4
Or if anyone can suggest a different one that could work. ( I don't really understand the fw names yet)
Thanks in advance.
Click to expand...
Click to collapse
There's no flash able zips of stock ROMs here unfortunately. Weird for me too since I was Samsung through and through. Take a back up of your own ROM via TWRP or you can use the debloated stock ROM by Fedray on the ROM forum.
showlyshah said:
Take a twrp backup .. a clean one..
Click to expand...
Click to collapse
Smonic said:
There's no flash able zips of stock ROMs here unfortunately. Weird for me too since I was Samsung through and through. Take a back up of your own ROM via TWRP or you can use the debloated stock ROM by Fedray on the ROM forum.
Click to expand...
Click to collapse
Thanks for your answers.Thats actualy first thing I did after flashing twrp to have a clean backup of system and boot.
I also made a few partition backups in terminal, like persist, oem, modem and a few others so hopefully I'm fine.
Do you guys know if I can take stock recovery from lower version fw in case I would ever need it again?
I highly doubt I ever will, but just in case
Edit: If anyone needs a system/boot backup of this fw, just let me know and I'll upload it.
tys0n said:
Thanks for your answers.Thats actualy first thing I did after flashing twrp to have a clean backup of system and boot.
I also made a few partition backups in terminal, like persist, oem, modem and a few others so hopefully I'm fine.
Do you guys know if I can take stock recovery from lower version fw in case I would ever need it again?
I highly doubt I ever will, but just in case
Edit: If anyone needs a system/boot backup of this fw, just let me know and I'll upload it.
Click to expand...
Click to collapse
Infact i need a full twrp backup of the exact same firmware.. if u can uplaod.. please do that.. btw.. if u need recovery image i can extract it from ota.. and send to you.
showlyshah said:
Infact i need a full twrp backup of the exact same firmware.. if u can uplaod.. please do that.. btw.. if u need recovery image i can extract it from ota.. and send to you.
Click to expand...
Click to collapse
Yes please. If you could do that, that would be great
I'll zip the backup and upload it in a few hours when I get to my computer.
tys0n said:
Yes please. If you could do that, that would be great
I'll zip the backup and upload it in a few hours when I get to my computer.
Click to expand...
Click to collapse
Me too.. i will do it tomorrow itself.
Ok, here we go. Stock TWRP backup from XT1676.
NPPS25.137-72-4
CEDRIC_XT1676-NPPS25.137-72-4_TWRP.zip
Unzip, put in your twrp backup folder and restore.
https://firmware.gem-flash.com/index.php?a=browse&b=category&id=13304
I got this too..
Hello all,
-I bought a 'refurbished' LG G4 online (claimed to be H815), but when I got it & checked the motherboard inside, it's VS986 instead.
Currently it's on H815 v10h (Lollipop), with ARB v2, and Baseband is MPSS.BO.2.5.c3-00070-M8992FAAAANAZM-1.19025.1
-What's is the best option I have (which ROM to flash)? I'm from Malaysia & I need GSM for 2G/3G capability (AFAIK Verizon's VS986 uses CDMA)*.
Please advise, thank you.
*EDIT: I entered Service Menu & found that several GSM & WCDMA modes are supported, but none of LTE modes is available.
Musafir_86 said:
Hello all,
-I bought a 'refurbished' LG G4 online (claimed to be H815), but when I got it & checked the motherboard inside, it's VS986 instead.
Currently it's on H815 v10h (Lollipop), with ARB v2, and Baseband is MPSS.BO.2.5.c3-00070-M8992FAAAANAZM-1.19025.1
-What's is the best option I have (which ROM to flash)? I'm from Malaysia & I need GSM for 2G/3G capability (AFAIK Verizon's VS986 uses CDMA)*.
Please advise, thank you.
*EDIT: I entered Service Menu & found that several GSM & WCDMA modes are supported, but none of LTE modes is available.
Click to expand...
Click to collapse
The problem with Frankensteins like this is nobody knows what EXACTLY they did to make it look like a h815.
First thing to try is checking the ARB (Antirollback, see my sig) and if you are one of the 1% of lucky users then you may see "nonfusing device" instead of an ARB level.
Assuming that you did that already (as u mentioned ARB2) u are screwed.
There is no valid way to get to a good result here.
Your main issue is that the modem partition must be a vs986 one - or at least a vs986 compatible one as the ARB also takes place in that partition.
Second, if you cannot change the modem partition u might not be able to get 2G/3G as you already found out.
unlocking the device won't help either as the main issue you have relies on the the modem (partition) and even when flashing a vs986 ROM or any other it might never work.
Last - but not least - whatever you do or plan to do: kee my first sentence in mind. Each step you do can easily hard brick your device.
Ofc you can use QFIL to likely bring it back to life (the G4's are really hard to brick until an unusable state) but for this you need the extra tools, knowledge and time to learn.
sorry but there is nothing much you can do other then request your money back as you were tricked.
if you can't I may would try getting another modem partition to work with but doing that requires also a lot of time to learn how to use SALT to extract KDZs, identify the ARB of the modem partition properly (so you do not increase the ARB level by flashing a wrong modem partition) and so on..
gl
.-
steadfasterX said:
The problem with Frankensteins like this is nobody knows what EXACTLY they did to make it look like a h815.
First thing to try is checking the ARB (Antirollback, see my sig) and if you are one of the 1% of lucky users then you may see "nonfusing device" instead of an ARB level.
Assuming that you did that already (as u mentioned ARB2) u are screwed.
There is no valid way to get to a good result here.
Your main issue is that the modem partition must be a vs986 one - or at least a vs986 compatible one as the ARB also takes place in that partition.
Second, if you cannot change the modem partition u might not be able to get 2G/3G as you already found out.
unlocking the device won't help either as the main issue you have relies on the the modem (partition) and even when flashing a vs986 ROM or any other it might never work.
Last - but not least - whatever you do or plan to do: kee my first sentence in mind. Each step you do can easily hard brick your device.
Ofc you can use QFIL to likely bring it back to life (the G4's are really hard to brick until an unusable state) but for this you need the extra tools, knowledge and time to learn.
sorry but there is nothing much you can do other then request your money back as you were tricked.
if you can't I may would try getting another modem partition to work with but doing that requires also a lot of time to learn how to use SALT to extract KDZs, identify the ARB of the modem partition properly (so you do not increase the ARB level by flashing a wrong modem partition) and so on..
gl
.-
Click to expand...
Click to collapse
-Thanks for your reply.
-About returning & requesting a refund, I think it'll be hard as I already damaged the warranty sticker over one of the screws while trying to check the board.
-If we ignore the modem issue for now (maybe use it as WiFi-only device), then what's the best ROM I could flash? I hope at least Marshmallow so it'll last longer as more & more apps are targetting higher Android API levels.
-BTW, I just tried flashing VS9862BA_00_0525_ARB02.kdz but LG UP says "KDZ file is invalid". On another note, while in download mode, I just noticed it says:
Code:
USER S0.0 AS0.0 B91 UHS
S U LG-H810 05.1 Hrev_10
H81010o
-So, now it also has AT&T's H810 pieces inside too?
-BTW, sorry for PM'ing you earlier; I didn't notice your signature (even though you put it in big, red fonts!).
Musafir_86 said:
-Thanks for your reply.
-About returning & requesting a refund, I think it'll be hard as I already damaged the warranty sticker over one of the screws while trying to check the board.
-If we ignore the modem issue for now (maybe use it as WiFi-only device), then what's the best ROM I could flash? I hope at least Marshmallow so it'll last longer as more & more apps are targetting higher Android API levels.
-BTW, I just tried flashing VS9862BA_00_0525_ARB02.kdz but LG UP says "KDZ file is invalid". On another note, while in download mode, I just noticed it says:
Code:
USER S0.0 AS0.0 B91 UHS
S U LG-H810 05.1 Hrev_10
H81010o
-So, now it also has AT&T's H810 pieces inside too?
-BTW, sorry for PM'ing you earlier; I didn't notice your signature (even though you put it in big, red fonts!).
Click to expand...
Click to collapse
-Okay, now I have successfully flashed VS9862BA_00_0525_ARB02.kdz by extracting the DZ file & flashing it directly! :good:
However, it seems Android FRP (Firmware Reset Protection) has been triggered; need to figure on how to bypass this while on 2BA firmware.....
Musafir_86 said:
-Thanks for your reply.
-About returning & requesting a refund, I think it'll be hard as I already damaged the warranty sticker over one of the screws while trying to check the board.
-If we ignore the modem issue for now (maybe use it as WiFi-only device), then what's the best ROM I could flash? I hope at least Marshmallow so it'll last longer as more & more apps are targetting higher Android API levels.
-BTW, I just tried flashing VS9862BA_00_0525_ARB02.kdz but LG UP says "KDZ file is invalid". On another note, while in download mode, I just noticed it says:
-Okay, now I have successfully flashed VS9862BA_00_0525_ARB02.kdz by extracting the DZ file & flashing it directly! :good:
However, it seems Android FRP (Firmware Reset Protection) has been triggered; need to figure on how to bypass this while on 2BA firmware.....
Click to expand...
Click to collapse
Warranty or not i would return it as its not what you had paid for. But up to you and ofc as you flashed a kdz on it you would need to get it back to the state jt was before..
You could unlock and flash nougat, oreo, pie but as with flashing the vs986 kdz/dz nothing comes without a risk ofc. Especially on Frankensteins!
The good is that you likely can revert UsU if you ever want to as you have a fusing device.
Sent from my OnePlus 7T Pro using XDA Labs